The use of instant messages to spread malware is no longer new; neither is the use of URL shorteners. What is somewhat unusual is how these URL shorteners were used.

The URL shortener used in this attack, ow.ly, shortens long URLs using the format http://ow.ly/(5 alphanumeric characters). Note that the spammed URL was padded with the query string ?=www.facebook.com/photo.php. This can lead users to believe that they are going to a Facebook page to see a picture, as the instant message says. Unwitting users, failing to see the entire URL, are led to believe that they will land on a Facebook page instead of a malicious page.

The malicious link downloads a worm detected by Trend Micro as WORM_YIMBOT.A. Smart Protection NetworkTM already protects Trend Micro product users from this attack. In addition, the site the shortened link targets has also been blocked.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:

Security Predictions for 2020

Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.Read our security predictions for 2020.

Business Process Compromise

Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more,
read our Security 101: Business Process Compromise.